If I am going to do a policy "try" within the pap the result on a request is correct.
After publishing the policy to a PDP the same request within the PEP Try it tool does not show any result. Is the PEP Tryit working correctly?
Greetings
Yes.. it is working correctly... There can be few reasons for this..
PDP policy may not have been enabled. Once you publish a policy , you want to enable it.. (In IS 450 and 460).
There can be more than one policy in the PDP.. . Therefore your request may be effected with them...
When there are more policies, You need to consider about policy combining algorithm and policy order as well
Please find detail on working on XACML with WSO2IS from here
Related
I would like to use the 'Scoping' and 'IDPList' options in the SAML authentication request in order to automatically select external IdP's from the applications.
Is this feature supported?
I'm afraid that the AuthnRequest currently neither support Scoping or IDPList. However, The AuthnRequest support NameIDPolicy, the code. You or someone else is welcome to add the support in a pull request. Then I'll look into it and add the support in a future release.
New to the forum :) - first post. I am trying to set up DocuSign in Salesforce for a client and keep running into an issue when trying to create an envelope template. Some context: my client has a DocuSign Business account (not Gen/ Negotiate), I have added the documents, and can add non-merge fields fine. The only issue is when I try to place the merge field, not create it, I receive an error:
Save Error: Some fields might be out of sync. Unable to connect to the service. Failed to connect to the salesforce service.
So far I have tried: adding IP addresses to Salesforce, removed MFA authentication for API, I have tried clearing cache and cookies, in different browsers, and in incognito mode - no success. I think I just have missed a step in set up? OR is this just not a feature of the client's current account and they need to enable the "Gen" feature to use merge fields?
Appreciate the help - I am also new to Salesforce administration and coding - so I am learning as I go and bear with me if I am not picking up all the "lingo" up front.
It sounds like you're using the legacy DocuSign for Salesforce package if you're not using Gen/Negotiate, so there are typically a couple of issues that could cause the error that you're seeing. The first is a caching issue, so you could try in an incognito browser or by clearing cache and cookies for the browser.
The other issue could be that the connection between DocuSign and Salesforce was broken and needs to be connected again. If that's the case, you could follow the steps in this article. If you're still running into problems, I'd advise to reach out to the DocuSign support team so that they can take a look with you (https://support.docusign.com/).
Hey guys I need to know how we can disable kerberos authentication on ambari for solr & spark2 web consoles.
I'm getting the Error 401 - Unauthorized access.
I just want to get in the web consoles with no need for authentication.
I don't need Spnego too.
Please let me know if you need more information.
Best Regards,
André Santos
#Bedjase, This is just a hack. You can look (in ambari) at what was changed for each component, and their dependencies, then try to remove those configuration changes created by kerberizing the cluster. You may find its more than just those Solr and Spark. If you just change those two, it could break stuff in the cluster (zookeeper, Ambari-metrics, and more). This kind of change is also going to make the cluster not something that is supportable for future upgrades.
I have an app running on Google app engine (Flask, python 3, flexible environment) using the Identity-Aware proxy to allow everyone in our organization (which uses GSuite) to control access. Recently we've been getting 413 errors.
When I looked at the cookies of the failing requests I expected to see one request cookie prefixed with GCP_IAAP_AUTH_TOKEN. Instead I see 11, each one slightly different. Their combined sizes put us over the 15kb header size limit indicated in the link below, causing a 413 error.
https://cloud.google.com/appengine/docs/flexible/go/how-requests-are-handled
I don't understand why there are so many cookies, or how to make them go away. Our users all use Chrome, and many but not all of them are intermittently running into this error. Those that aren't, when their cookies are inspected, show only a couple cookies with this prefix. See below for an example of what this collection of cookies looks like:
Eleven IAP cookies in a single header
Posting what ended up solving this particular instance of the problem in case something like it occurs to other people in the future.
The original IAP code for our project was written in 2018. At the time, IAP had a known issue requiring re-logging in every hour. The suggested workaround from this thread was to use a hidden iframe.
https://issuetracker.google.com/issues/69386592?pli=1
We followed that guidance, but Google fixed the underlying issue in June of 2019. Now, following that guidance causes a gradual accumulation of session cookies in the headers. Removing the no-longer-needed offending iframe code solved the problem.
Can DotNetNuke be used with a reverse proxy server?
Reverse Proxy: A proxy server that appears to the client as if it is an origin server. This is useful to hide the real origin server from the client for security reasons, or to load balance (taken from Google's definition of the term).
Basically DNN will respond to a request using the same portal alias that the request was made on. What I need to do is tell DNN to always respond to a request with a specific domain name only, regardless of the domain name that the request contained.
Does anyone know if this is possible, or if it is possible to turn this effect off?
I found the answer: Yes! but you have to disable friendly urls.